To fix any problems with the additional DNS servers not being pushed on Ubuntu 16.04 try the followings:
– disable Network Manager dnsmasq built in feature
vim /etc/NetworkManager/NetworkManager.conf # comment out below line #dns=dnsmasq
– restart network manager
sudo systemctl restart network-manager
Now any DNS servers manually added or pushed by the VPN server will be used by your system.
One of the nice things of using AWS ECR is that everything is managed for you by AWS (infrastructure, patching, upgrades…) so you don’t need to worry too much about any of those. But you need to accept the limitations and when possible to “fix” them.
One of the features which is not available on AWS ECR is anonymous pull.
There is a container which can be used for this purpose.
Before using the container there are few recommendations:
To install OpenXenManager in Linux Mint/Ubuntu follows the steps below. The installation might be compatible with other Linux distributions.
Install the requirements.
apt-get install python-gtk2 glade python-gtk-vnc python-glade2 git
Download the source from the repo.
cd /usr/share
git clone https://github.com/OpenXenManager/openxenmanager.git
Create the start script.
vim /usr/bin/openxenmanager
#!/bin/sh
# OpenXenManager workaround for binary
test -d /usr/share/openxenmanager || exit 1;
cd /usr/share/openxenmanager;
python openxenmanager
Set the new file as executable.
chmod a+x /usr/bin/openxenmanager
To start openxenmanager run on the console below command as a user (not root)
openxenmanager
After you should see the interface of the program.
Here are the steps and couple of tips on how to install xtables-addon on CentOS and RedHat 6.4 and 6.5. It might work on all 6.X releases. In centalt repo could be found the rpms and srpms for versions 1.41 and 1.47.1 versions but I couldn’t use any on the above mentioned installations.
I wrote a puppet module which will install the xtables-addons and the update script. The module can be found on https://github.com/catalinpan/puppet-xtables-addons with some more explanations on how can be used.
For the manual installation start with updating your server or skip to next command.
How to use selinux on your Redhat/CentOS server.
Check if selinux is enabled/disabled
sestatus
Disable on the fly selinux
setenforce 0
Enable on-the-fly selinux
setenforce 1
Install utilities to be able to change selinux policies
yum install policycoreutils policycoreutils-python
yum install -y setroubleshoot
Check for selinux errors
cat /var/log/audit/audit.* /var/log/messages* | audit2allow
Create selinux rules based on what was found on logs
cat /var/log/audit/audit.* /var/log/messages* | audit2allow -M mysemanage
Apply the rules on the system
sudo semodule -i mysemanage.pp
In case you run in to trouble and even after applying the pp file your app will still be blocked use the following commands
The below solution works only with a paravirtualized VM.
On git hub can be found a very nice puppet module which does exactly the same installation.
https://github.com/MSMFG/puppet-s3fs
First remove the fuse installed:
yum remove fuse fuse* fuse-devel
Install all the required packages:
yum install gcc libstdc++-devel gcc-c++ curl curl* curl-devel libxml2 libxml2* libxml2-devel openssl-devel mailcap vim wget -y
Navigate to the installation folder:
cd /usr/local/src
Download fuse and install:
wget http://downloads.sourceforge.net/project/fuse/fuse-2.X/2.9.3/fuse-2.9.3.tar.gz tar -xvf fuse-2.9.3.tar.gz mv fuse-2.9.3 fuse cd fuse ./configure --prefix=/usr make make install export PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/lib64/pkgconfig/ ldconfig modprobe fuse pkg-config --modversion fuse
Install s3fs:
In order to allow the clients to send emails using SMTP authentication, update the following files:
/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
/etc/dovecot/conf.d/10-master.conf
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0600
user = postfix
group = postfix
user = $default_internal_user
}
reload posfix
service restart dovecot
This will allow a client like Outlook to authenticate for sending emails.
Fix for :
Checking services…
Error: Service check command ‘check_nrpe’ specified in service ‘LOAD’ for host ‘server_name’ not defined anywhere!
In order to make check_nrpe working on the configuration file need to add the following lines on the /etc/nagios/objects/commands.cfg
define command{
command_name check_nrpe
command_line /usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
Restart the nagios service after.
The configuration on the server will look like:
define service {
use generic-service
host_name server_name
service_description LOAD
check_command check_nrpe!check_load
}
To test if the configuration is working:
This is the command which can be used to show all the users with all the grants on mysql from command line.
select user,host,password from mysql.user order by user;
Useful command to add ssh key.
cat your_id_rsa.pub >> ~/.ssh/authorized_keys
SSH chain login.
ssh -A -t user@server1 ssh -A -t user@server2 ssh -A user@server3
Find in specific files and replace
grep -rl --include=*.xml oldname /var/www/html | xargs sed -i 's/oldname/newname/g'
Test CPU waiting time because of the IOPS
iostat -mx 1
Add ssh key to a remote server with a single command
The documentation on the Trac website is clear but I was on the wrong track trying to use fcgi on CentOS and to make that Trac server working. After couple of days of research this is my solution to install (migrate) the Trac server.
##Start with epel and remi repo installation##rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
vi /etc/yum.repo.d/remi.repo
##Change first “enable=0” to “enable=1“; ## Because the previous server was using MySQL with utf8mb4 database, I had to install mysql 5.5 ##Check first what version of mysql will be installed